MartinK

ESET Staff
  • Posts

    2,353
  • Days Won

    67

Kudos

  1. Upvote
    MartinK received kudos from Gonzalo Alvarez in ESET PROTECT after update from EMSC 7.x - Connection has failed with state 'Not connected'   
    Could you please check ESMC/EP trace log for possible hints? Can you verify that service "eraserver" or process ERAServer are actually running? After update, there might be some time during which console is not able to connect - during this phase, database migration is performed, but it should not take very long in case you do not have huge database size/content.
    Also, have you updated ESMC to EP in the existing appliance, or was upgrade using "appliance migration" used? If the first is the case, how old was the original appliance? If it was much older, there might possibly be issues with dependencies.
  2. Upvote
    MartinK received kudos from Pancakedinner in Dynamic Group Template for No Users logged in   
    Actually problem was in dynamic groups evaluation as described in my previous post. Logged users were reported correctly, but it was not possible to create dynamic group with required conditions (negate condition on empty list).
  3. Upvote
    MartinK received kudos from Pancakedinner in Dynamic Group Template for No Users logged in   
    Have you also tried what happens after system reboot but before users log in?
    When users are leaving computer, do they actually log out, or they only lock screen? There is also possibility to create report with "Computer name" and "Logged user name" to check what is going on, but my guess is that computer will be still reporting last logged user.
  4. Upvote
    MartinK received kudos from Pancakedinner in Dynamic Group Template for No Users logged in   
    It should be possible to create such group but I was not able to verify it. There are multiple options, but you may try to configure dynamic group template as in screenshot:
     

     
    EDIT: dynamic group does not work in ERA 6.4
     
    Once this dynamic group is replicated to AGENT, it is evaluated automatically and should detect change in list of logged users almost immediately as it is listening for system notifications. AGENT will be joining and leaving dynamic groups autonomously without active connection to SERVER -> if you attach specific task to this group, it will be executed even if computer is offline. I guess it is no surprise that you won't see offline computer joining/leaving dynamic group in Webconsole as this information requires working connection to SERVER.
  5. Upvote
    MartinK received kudos from MichalJ in Last used tasks - greyed out   
    Just a note that this issue should be resolved with version deployed recently.
  6. Upvote
    MartinK received kudos from MichalJ in Update Agent Version   
    This seems to be a common misunderstanding and we should probably improve communication to users so that it is clear.

    In case of components upgrade task, you are actually selecting version of ESET PROTECT Server component, that you can actually upgrade to. In other words, in case your infrastructure is based on ESET PROTECT Server for Windows, you will be offered only the same or later version for the same platform. This version is later used for selection of compatible AGENT installers. So for example, as you have selected version 8.1.1223.0 as compatibility version, when this task is executed on macOS device, ESET repository is searched for latest AGENT version for macOS, that is compatible with ESET PROTECT 8.1.1223.0, which is currently version 8.1.3215.0. So the most confusing part is that you are actually not selecting version of AGENT to be installed, but just reference version used for compatibility.
     
  7. Upvote
    MartinK received kudos from MichalJ in Installing Agent through CMD QUITET doesn't work for ESET PROTECT CLOUD   
    Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENT's certificate -> in steps you mention "same old file" next to certificates, but if it means that you are attempting to use the same certificates as you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect.

    Also note, that there is even simpler deployment method:
      • Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder
      • Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***)
      • Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line
  8. Upvote
    MartinK received kudos from j-gray in Help generating a software report with user login info   
    Actually it works in a way that only "supported" combinations are possible, so once you select more and more columns, there are fewer possibilities to choose from. So from technical perspective, it is "by design" as required combination is most probably not available.
    What would be actually the use-case you are targeting by this report? Just to pair employees with devices that are no longer connecting?
  9. Upvote
    MartinK received kudos from j-gray in Help generating a software report with user login info   
    Not sure I understand correctly, but filtering devices based on dynamic groups should be fairly easy: just filter has to be added to reports:

    but there might be conflict with other settings, preventing use of such filter.
  10. Upvote
    MartinK received kudos from MichalJ in EFDE custom policy not showing under applied policies   
    If my understanding is correct, you created installer where you included policy for EFDE? If so, it is actually expected behavior, as installer will just configure installed product to use settings from embedded policy, but to enforce settings, policy has to be applied also in console in a standard way. If so, solution would be to visit policies screen and assign required policy to groups or devices. In other words, policies included in installers are intended primarily for initial configuration used until management agent is able to fetch policies and other properties from ESET PROTECT.

    We will also try to improve communication of this behavior so that it is more clear.
     
  11. Upvote
    MartinK received kudos from simpletonsavant in Multiple domains, some computers not checking in at correct interval   
    Just to be sure, but by "only check in when they are turned on" you mean that they do connect only once, after they are started, and another connection attempt is made after reboot? If so, I would double-check configuration of interval, especially in case "cron" based configuration was used.
    Also as mentioned, troubleshooting of such device connectivity will be required, as issue might be also related to network configuration, which might prevent subsequent connections, especially in case there are other security/VPN products used or strict firewall configuration is applied.
  12. Upvote
    MartinK received kudos from MichalJ in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-in-one installer for Windows, or performing upgrade of EP/ESMC Appliance using "migration" to new version, is that also third-party and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from user's perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but that should be case also for automatic upgrade.
  13. Upvote
    MartinK received kudos from Peter Randziak in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-in-one installer for Windows, or performing upgrade of EP/ESMC Appliance using "migration" to new version, is that also third-party and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from user's perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but that should be case also for automatic upgrade.
  14. Upvote
    MartinK received kudos from Ufoto in Manual VS Automatic ESET Protect Upgrade   
    Component upgrade task upgrades only ESMC/EP components, as is ESET Management Agent, ESMC Server and ESMC WebConsole, but it does not upgrade other, especially third-party components as is Apache Tomcat, Apache HTTP Proxy or MS SQL Server.

    Thus benefit of performing manual upgrade using all-in-one installer for Windows, or performing upgrade of EP/ESMC Appliance using "migration" to new version, is that also third-party and possibly other support tools are upgraded. Also note that manual upgrade is less prone to failures caused by environment issues, as are those network related, but also those caused by missing dependencies (for example minimal supported version of OS or database itself).

    My recommendation would be to perform manual upgrade, as it is fairly simple from user's perspective, and it offers more control. Also I would recommend to perform database backup before doing so, but that should be case also for automatic upgrade.
  15. Upvote
    MartinK received kudos from MichalJ in Eset Protect VMWare Esxi Virtual Appliance v 8.0.2216.0 Can't see itself.   
    Could you please check state of ESET Management Agent installed on the virtual appliance? Any chance you already tried to reboot whole appliance? Also was there any service interruption or operating system changes performed on a date that management agent connected for the last time? Previously we have seen that operating system updates or even changes of timezone/time of machine could result in this state.
  16. Upvote
    MartinK received kudos from Your majesty in Can't connect for era/webconsole in LAN   
    In case there is a firewall, you have to enable port 443 (standard HTTPS) or possibly other similar port, the same you are using locally.
    Short summary of ports in default:
      • 2222 is port used for AGENT->ESET PROTECT communication and should be generally opened from network where AGENTs are installed
      • 2223 is port used by Apache Tomcat to communicate with its backend and also it is used by installers to communicate with it. In case you are not using so called "Server assisted" mode of installers, there is no need to open this port to outside networks
      • 443/8443 is default port used to connect to console using standard web browser. This port has to be accessible to devices where browser/console users will be connecting from. Specific value of this port might depend on environment and Apache Tomcat configuration.
  17. Upvote
    MartinK received kudos from Peter Randziak in Agent 8.0.1238.0 upgrade task failed   
    Just to let you know, problem was indeed triggered by localized Windows operating system, i.e. operating systems where certain status messages provided by system itself contained non-ASCII characters.
    Unfortunately problematic helper tool UpdaterService.exe is part of already installed version 7.2.1266.0 and therefore proper solution was not possible and upgrade from this specific version to any new version will report this kind of failure even when upgrade will be successful. Also it has been confirmed that upgrade from version 8.0 is not affected, so there should be no such problem with future upgrades.
  18. Upvote
    MartinK gave kudos to Zoltan Endresz in Endpoint Antivirus - requirement to reboot after update?   
    Hi Thomas, 
    My solution is the following:
     
    1.:  - I created a dynamic group to collect the computers with error message "Restart required" :

     
    2.:  - Then I defined a CRON triggered task to send a pop-up window message into the affected computers:
    "Hello Colleague, please restart your computer as soon as possible because an ESET software update...bla..bla" or something like this
    You can configure the CRON for example launch the message hourly, every 10 minutes or as you want  
     
    It works pretty fine
     
  19. Upvote
    MartinK gave kudos to MichalJ in ESET Protect 8 login issues   
    Just a note. We have just released a hotfix version of ESET Protect Webconsole, that should address the issue with login, when username / password contains special characters. You can upgrade the console to the current version by running a component upgrade task on your ESET PROTECT server machine. It will update the webconsole to the version 8.0.175.0 which should resolve those issues. 
  20. Upvote
    MartinK received kudos from antoineL in Agent unable to connect when in remote site/subnet   
    Actually enabling advanced security has no impact on certificate validations - it just forces console to generate more secure certificates, but original ones would still work.
    But what changes with enabling advanced security is that older TLS protocols (If I recall correctly, older than TLS 1.2) are disabled for AGENT connections, and also older and no-longer-safe cipher suites are disabled, which means that only devices with support for latest protocol versions would connect. Recent versions of AGENT do have this support, as they no longer rely on cryptographic primitives provided by operating system, but in case TLS introspection is used in between AGENT and SERVER, it might be blocked in case it does not support any of the safe algorithms.
    Regarding analysis, this seems to be network or TLS related, so I would recommend to analyze network communication using tools like wireshark. It is possible that problem is between TLS introspection component and SERVER, and not between AGENT and TLS component, so proper place for capturing of traffic will be required.
  21. Upvote
    MartinK received kudos from igi008 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Currently it is not decided of the future, and even latest version is using CentOS7-based appliance, which is supposed to be supported until 2024 (i.e. much longer than mentioned CentOS8). We currently rely on fact that security patches are available, even for tomcat 7 which is part of official CentOS7 repositories.
    Just out of curiosity, what would be your preferred Linux distribution for future? Asking as there are not many "free" distributions guaranteeing reasonably long support and stability of environment for future migrations.
  22. Upvote
    MartinK received kudos from marlonanjos in Deployed wrong policy with Replication Proxy settings, now clients cant replicate   
    In case you used Apache HTTP proxy which is part of our installers, you should follow following steps: https://help.eset.com/esmc_install/72/en-US/apache_configuration.html where in short you have to:
      • enable port 2222 in case it is not enabled already (depends on version you used)
      • enable connections to your hostname (hostname where AGENTs are trying to connect) - by default, only connections to ESET domains are enabled due to security, therefore using proxy for replication connections requires manual steps.
  23. Upvote
    MartinK received kudos from MichalJ in Reports and permission sets   
    Problem is, that report templates are actually also objects, that are "tied" to specific static group (= access group) and thus have limited visibility. In case of default report templates created during installation, they are configured with access group set to group "All", which means that only users who have access to "Reports & Dashboards" on group "All" will see those reports. The same applies also for other managing objects in console (policies, dynamic groups, notifications, ...).
    Unfortunately I cannot verify now, but there might be two solutions, where both do require some redesign of security model you are using:
      • Users might be assigned special permission set, that will give them permission to "Use" Reports from group All - but I would recommend to double check it does not give user access to devices
      • Move/Change access group of required Report templates so that user can see it. We have seen that especially MSPs were creating specific "Shared" static group just to share such objects between users.
  24. Upvote
    MartinK received kudos from MichalJ in Use of "Run command line" task   
    Yes, in case of multiple commands, one has to enter delimited one-liner, as it would be done in one-line BAT file.
    Just a note, this will be improved in upcoming release, where multi-line commands will be possible, which should simplify such scenarios.
  25. Upvote
    MartinK received kudos from jimwillsher in Use of "Run command line" task   
    Yes, in case of multiple commands, one has to enter delimited one-liner, as it would be done in one-line BAT file.
    Just a note, this will be improved in upcoming release, where multi-line commands will be possible, which should simplify such scenarios.